Cybersecurity In Practice (Part I): Software Power

By Marcelo A. O. Malagutti[1]

Software increases its importance on a daily basis. Could it come to affect the balance of power among nations?
Software increases its importance on a daily basis. Could it come to affect the balance of power among nations?

‘Might an army of software wizards use insidious electronic means to dislocate the support systems of modern societies, such as transport, banking, and public health?’

This question, posed by Sir Lawrence Freedman,[2] brings together the two elements of cyber-power: software (whose wizards would use, or command, insidious electronic means) or hardware (physical creations built to achieve their goals).

In an industrial era society, there is a clear perception of the materiality of stuff. The same is clearly perceived in industrial-era warfare: planes, tanks, missiles, battalions. This is what we perceive and thus value, as power. Regarding cyber, this is easily represented as hardware power.

However, a much harder element to perceive is the importance of knowledge, the fuel of the post-industrial era. It is immaterial: no shape, no color, no weight, no smell. It cannot be touched. In cyber terms, this is known as software.[3],[4]

The term cyber-power has been defined in many different ways, having become ‘part of a terminological lineage that includes “airpower” and “seapower” to describe the operations of national-principally military-coercive power in particular environmental domains’.[5] To avoid this broad (un)definition, and to emphasize the increasing importance of software in comparison with hardware, the term Software Power should designate:

Software tools used on behalf of a state to exploit, deny, degrade, disrupt, destroy or defend computer networks, its connected devices, and information systems or data resident on them.

In practical terms, software defensive and offensive capabilities related to coercive operations originated by states.

This definition congregates all three subsets of Computer Network Operations (CNO): Computer Network Exploitation (CNE), Computer Network Attack (CNA), and Computer Network Defence (CND).[6] It also extends them to include connected devices, and not only the computer networks, and the systems and data resident in the targeted networks. Finally, it specifies state sponsored software use, incorporating and extending Libicki’s definition of cyber attack as ‘the deliberate disruption or corruption by one state of a system of interest to another state’.[7]

Limiting the scope of cyber power, war or warfare, it excludes PsyOps (psychological operations) or propaganda through Social Media Networks (i.e. Twitter or Facebook) as occurred during the Arab Spring. It also avoids futile discussion about cyber having shadowing areas related to electronic warfare. Thus, exploiting a network breach by means of software, and hijacking an unmanned aerial vehicle (or drone) is a software power operation, while using radio signals to interfere with the drone’s communication and control capabilities is not. It also excludes non-military ends (even if politically intended), as the Distributed Denial of Service (DDoS) often reported as having occurred in Estonia in 2007 and Georgia in 2008.

However, this does not mean to say that hardware power is irrelevant.

Which country possesses the world’s fastest computer matters as much to policymakers now as which country possessed the fastest or longest-range aircraft in the interwar period, and for the same reason. They are thought to be indicative of military potential as well as prestige.[8]

The unit for measuring the processing power of supercomputers is named PFLOPS (PetaFLOPS), meaning 1015 Floating-point Operations Per Second. In November 2015, the top 500 list of largest supercomputers was led by the following supercomputers:[9]

Table 1: List of large supercomputers

Ranking Country Computer Power (PLOPS)
1 China Tianhe-2 (MilkyWay-2) 33.9
2 U.S. Titan 17.6
3 U.S. Sequoia 17.2
4 Japan RIKEN 10.5

In the last update of the list, in June 2016, a new Chinese computer, the Sunway TaihuLight, figured in the first place, with 93.0 PFLOPS of processing power, almost three times faster than the also Chinese Tianhe-2 and five times faster than U.S. Titan.[10]

In addition to the huge processing power of TaihuLight, the Chinese have one more reason to be proud of: it is based on a Chinese designed and built 256-core processor.[11] While the Chinese might and should be proud of their dual achievement, the Americans also have theirs. That same June, the Americans announced the development of the first known kilo-core processor (1,024 cores).[12]

Superior processing capabilities are essential for tasks of military or economic importance, like cryptanalysis or the accurate simulation of chemical reactions at the molecular level. These capabilities are the promise of the research in the new quantum computers.[13],[14] Meanwhile, existing supercomputers have been used to achieve these and other security purposes, as in the recently announced new project for IBM’s Watson: fighting cybercrime.[15],[16]

Nevertheless, our emphasis in software has many objective reasons.

First, to date, all relevant cyber offenses relate to software capabilities more than hardware features. In general, cyber attacks consist of the transmission of software or data to an enemy network to exploit, or damaging the network itself or the systems or data in it.[17]

Second, as implicit in Sir Freedman’s question, it is software that controls hardware, be it at the application (or App) level, be it at the drivers that connect the devices to the operating systems or be it the firmware that runs on the circuit boards themselves. Additionally, although ‘hardware can be switched off or destroyed, deliberately or accidentally’, this requires physical (in loco) presence, while remotely ‘its software can be altered, allowing actions that were once precluded or vice versa’.[18]

Third, in the process of technical evolution, as electronics has replaced mechanics in a broad range of uses, in a similar way software is replacing hardware. Parallel computing algorithms implemented through software have made standard (or commodity) computers (networked in clusters) capable of processing massive amounts of data at unprecedented speed. The British signals intelligence agency Government Communications Headquarters (GCHQ), for instance, uses the open source software Hadoop platform inspired by Google’s MapReduce, for metadata analysis.[19] It has been designed to provide ‘distributed processing of large data sets across clusters of computers using simple programming models’.[20] ‘With hundreds of hard disks working simultaneously multiple gigabytes can be read per second. This allows the processing of the multi-terabyte datasets we intercept’.[21] In 2008, it’s American counterpart, the National Security Agency (NSA), developed Accumulo, also based on Google’s technology.[22],[23] And then, in 2011, has made it open source also.[24]

While the above platforms are capable of dealing with large amounts of data concerning simple processing operation needs, experiences like that of the SETI@home (Search for Extraterrestrial Intelligence at Home), run by Berkeley University, have produced the Berkeley Open Infrastructure for Network Computing (BOINC) platform for volunteer grid computing. This platform has created a virtual supercomputer from thousands of interconnected computers worldwide, with an average of 11.2 PFLOPS.[25] Thus, the computing power provided by BOINC is larger than that of the world’s sixth supercomputer.

Lastly, the development of hardware capabilities has a high entry barrier, due not only to the cost of designing components but also to that of the production plants, and given that its market is very limited. Importing supercomputers is also a difficult task since hardware may fall under arms control restrictions of its exporters. Brazil, for instance, has always found difficult importing computers and other sensitive materials, and even buying computers made in Brazil by U.S. companies.[26] The largest supercomputer in Brazil is ranked 200th on the list, with only 0.2 PFLOPS of processing power, being U.S. made.[27] Besides, restrictions on acquisitions apply not only to complete computers but also to their components. The Chinese Tianhe-2 uses U.S.-produced processors. Due to alleged use of the computer for nuclear tests, U.S. agencies have restricted the exportation of those processors to China.[28] The Chinese answer, clearly planned ahead, was to only use Chinese processors in the construction of TaihuLight.

Not less relevant is the fact that, in the creative economy of the Third Wave, software becomes an increasingly important part of both scientific, technological, economic, and military expressions of national power.[29]


Marcelo, an MA candidate in War Studies at King’s College London (KCL), possesses a BSc in Scientific Computing from Universidade de Brasília (UnB); an MBA in Corporate Strategies from Fundação Getúlio Vargas (FGV); and a Specialization in High Studies, Policies and Strategies from the Brazilian War College (ESG). He is also the founder and shareholder of Fóton Informática S.A., a Brazilian software company specializing in Banking Automation.


Notes:

[1] BSc in Scientific Computing by Universidade de Brasília (UnB); MBA in Corporate Strategies by Fundação Getúlio Vargas (FGV); Specialization in High Studies, Policies and Strategies by Brazilian War College (ESG); Founder and shareholder of Fóton Informática S.A., a Brazilian software company specialized in Banking Automation; MA candidate in War Studies at King’s College London (KCL).

[2] Freedman, Lawrence. 2015. Strategy: A History. United States: Oxford University Press, p. 228

[3] Toffler, Alvin. 1980. The Third Wave. New York: William Morrow & Company.

[4] Toffler, Alvin, and Heidi Toffler. 2006. Revolutionary Wealth: [how It Will Be Created and How It Will Change Our Lives]. New York: Alfred A. Knopf.

[5] Betz, David, and Timothy Stevens. 2011. Cyberspace and the State: Towards a Strategy for Cyberpower. London, U.K: Routledge for the International Institute for Strategic Studies (IISS), p. 43

[6] European Parliament. 2011. Study Cybersecurity and Cyberpower: Concepts, Conditions and Capabilities for Cooperation for Action Within the EU. Brussels: Directorate-General for External Policies of the Union. http://www.europarl.europa.eu/RegData/etudes/etudes/join/2011/433828/EXPO-SEDE_ET%282011%29433828_EN.pdf, p. 7

[7] Libicki, Martin. 2009. Cyberdeterrence and Cyberwar. Santa Monica, CA: Rand Corp., p. 23

[8] Betz and Stevens (2011), p. 86

[9] TOP500.org. 2015. “TOP500 Supercomputer Sites.” TOP500 Supercomputer Sites. November 17. http://www.top500.org/lists/2015/11/.

[10] TOP500.org. 2016. “TOP500 Supercomputer Sites.” TOP500 Supercomputer Sites. June 20. https://www.top500.org/lists/2016/06/.

[11] Fu, Haohuan, Junfeng Liao, Jinzhe Yang, Lanning Wang, Zhenya Song, Xiaomeng Huang, Chao Yang, et al. 2016. “The Sunway TaihuLight Supercomputer: System and Applications.” Science China Information Sciences 59 (June). Springer Nature. doi:10.1007/s11432-016-5588-7.

[12] UC Davis. 2016. “World’s First 1, 000-Processor Chip.” UC Davis. UC Davis. June 24. https://www.ucdavis.edu/news/worlds-first-1000-processor-chip.

[13] The Economist. 2016. “After Moore’s Law.” The Economist, March 12.

[14] MIT. 2015. “IBM Shows off a Quantum Computing Chip.” MIT Technology Review. April 30. https://www.technologyreview.com/s/537041/ibm-shows-off-a-quantum-computing-chip/.

[15] http://www.ibm.com/watson/what-is-watson.html

[16] Barrett, Brian. 2016. “IBM’s Watson Has a New Project: Fighting Cybercrime.” Security. WIRED. May 10. https://www.wired.com/2016/05/ibm-watson-cybercrime/.

[17] Lukasik, Stephen J. 2010. “A Framework for Thinking About Cyber Conflict and Cyber Deterrence with Possible Declaratory Policies for These Domains.” In Proceedings of a Workshop on Deterring Cyberattacks, edited by National Research Council (U.S.). Committee on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy, 99–121. Washington, D.C: National Academies Press. http://www.nap.edu/openbook.php?record_id=12997&page=99.

[18] Betz, David, and Timothy Stevens. 2013. “Analogical Reasoning and Cyber Security.” Security Dialogue 44 (2): 147–64.

[19] Dean, Jeffrey, and Sanjay Ghemawat. 2004. “MapReduce: Simplified Data Processing on Large Clusters.” In OSDI’04: Sixth Symposium on Operating System Design and Implementation. San Francisco: 137-149.

[20] http://hadoop.apache.org

[21] GCHQ. 2011. HIMR Data Mining Research Problem Book. GCHQ. https://fveydocs.org/document/hmr-data-mining/, p. 60

[22] Metz, Cade. 2012. “NSA Mimics Google, Pisses off Senate.” Business. WIRED. July 17. http://www.wired.com/2012/07/nsa-accumulo-google-bigtable/.

[23] Harris, Shane. 2014. @War: The Rise of the Military-Internet Complex. United States: Eamon Dolan/Houghton Mifflin Harcourt., p. 36

[24] http://accumulo.apache.org/

[25] http://boinc.berkeley.edu/. On 04 June 2016 it indicated 421,945 volunteers with 901,422 computers, providing a 24-hour average of 11.174 PFLOPS.

[26] Angelo, Cláudio. 2007. “‘Eixo Do Mal’ Científico: Ministério Pede Explicações à Dell Sobre Exigências a Físicos – 14/09/2007.” Folha de São Paulo. September 2. http://www1.folha.uol.com.br/fsp/ciencia/fe1409200703.htm.

[27] TOP500.org (2015)

[28] Clark, Don. 2015. “U.S. Agencies Block Technology Exports for Supercomputer in China.” The Wall Street Journal, April 9. http://www.wsj.com/articles/u-s-agencies-block-technology-exports-for-supercomputer-in-china-1428561987.

[29] Toffler (1980)

Image credit: https://lionandpanda.com/rubyhaus-scott-salyer-a-k-a-slayer/

Leave a Reply

Your email address will not be published. Required fields are marked *

Share this

Copyright © 2018 Strife Blog. All Rights Reserved.

Designed by Kris Chan